RMF Step 3: Implement

In RMF Step 3, "Controls specified in the security and privacy plans are implemented." [Cybersecurity Framework: PR.IP-1] In this module we will back up a step to draft the Security Assessment Plan (SAP) to define what testing will be conducted in Step 3.

Assignment Requirements

1. Download the SAP Template. Part of it has been filled in with the testing you are evaluating in Assignment 6.2.
2. Complete the first tab with the information provided in your chosen RMF scenario.
3. Based on your systems hardware and software list, use the DISA STIG library to determine which STIGs will be applied in RMF Step 3. Add those to the list on Tab 2.

Submission Requirements

• Format: Microsoft Excel
• Use the assignment link about to submit your spreadsheet

A B C D E F G H J 1 NAME: FILL IN THE SHADED BLOCKS SLE Frequency SLE Frequency ARO ALE (Pre) (Pre) ARO (Pre) ALE (Pre) (Post) (Post) (Post) (Post) Programmer Mistakes 52,001 1 per week 52,001 1 per month Loss of Intellectual Property $48,000 2 per year $48,000 1 per 2 year Software Piracy $1,000 1 per quarter $1,000 1 per year Theft of Information (External) $4,200 1 per month $4,200 2 per year Theft of Information (Internal) $5, 100 3 per year $5,100 1 per year Web Defacement $1,000 1 per week $1,000 1 per year 9 Theft of Equipment $4,000 1 per quarter $5,000 1 per 2 year 10 Viruses, Worm, Trojan Horses $500 1 per week $500 1 per month 11 DoS Attack $4,000 2 per year $4,000 1 per year 12 Earthquake $250,000 1 per 20 years $35,000 1 per 20 year 13 Flood $250,000 1 per 20 years $30,000 1 per 20 years 14 Fire $550,000 1 per 10 years $55,000 1 per 10 year 15 16 17 Cost of 18 Control Type of Control CBA 19 Programmer Mistakes $12,000 Training 20 Loss of Intellectual Property $6,500 FirewallIDS 21 Software Piracy $6,500 Firewall/IDS Theft of Information (External) 56,500 FirewallIDS 23 Theft of Information (Internal) $11,000 Phys. Security 24 Web Defacement $5,000 Firewall 25 Theft of Equipment 511,000 Phys. Security 26 Viruses, Worm, Trojan Horses $9,000 Antivirus 27 DoS Attack $4,500 Firewall 28 Earthquake $3,500 Insurance/Backup 29 Flood $8,000 Insurance/Backup 30 Fire $3,500 Insurance/Backup 21